Presentation to Senior Management

2007

MiFID for Senior Managers Introduction

These slides introduce the big changes for senior management from MiFID and other changes, for discussion at the meeting. They are in the form of a description and, often, are an example or case study or quotation from the FSA. The slides assume those attending have already, or will shortly, have MiFID Awareness training or periodic briefings.

MiFID for Senior Managers Agenda

1. Introduction

2. What does More Principles-based Regulation mean for Senior Managers?

3. Who will be responsible for making decisions on compliance in the

firm?

4. What are the big changes for senior management in the new Senior Management arrangements, systems and controls rules?

5. What Corporate Governance is the FSA expecting from firms?

6. How does the FSA expect senior management to apply the risk-based approach in firms?

7. Will senior management need to spend more time on compliance?

MiFID for Senior Managers What does More Principles-based Regulation mean for Senior Management – Case Study 1?

A firm has an internal fraud of £1.4 million. Client Accounts were debited dishonestly over several years. All clients were compensated in full by the firm.

There is only a high level rule requiring firms to have controls against financial crime.

From 2005 onwards the FSA has issued a series of Discussion Papers, “Dear CEO” Letters and made speeches asking firms to focus on this area of controls.

The FSA fined the firm (BNP Paribas Private Bank) £350,000 for failing to have effective systems and controls to manage the risk relating to fraud (Principle 3).

MiFID for Senior Managers What does More Principles-based Regulation mean for Senior Management – Case Study 2?

An employee from a firm takes home a laptop containing some individual data. The laptop is stolen. No immediate report is made to the FSA.

No customer’s data is improperly used. The FSA has only high level rules requiring firms to have internal

controls to protect individuals’ data. There has been a Government, media and FSA information

campaign on IT security in firms. The FSA fined the firm (Nationwide Building Society) £980,000 for

failing to have effective systems and controls to manage the risks that customer information might be lost or stolen.

MiFID for Senior Managers What does More Principles-based Regulation mean for Senior Management – Case Study 3?

A firm provides financial advice to individual customers. Its record show that it obtains some, but not sufficient, information from customers.

The FSA advises the firm to obtain and record more information. It finds the same problem on another visit.

The FSA does not provide detailed guidance on what Know Your Customer information to obtain and record. It does publish Treating Customers Fairly “good practice” examples.

The FSA fined the firm (Trigon Pensions Limited) £10,500 (due to its small resources) for breaching Principle 2 (due skill care and diligence), Principle 3 (management and control), Principle 6 (customers’ interests) and Principle 7 (communication with clients).

MiFID for Senior Managers Predictability of Enforcement Action

To do this, [enforcement action on Principles alone] we are conscious that it must be possible for a firm to predict at the time of the action whether it would be a breach of a Principle.

““””(The FSA’s paper “Principles-based regulation”, April 2007.)

MiFID for Senior Managers Who will be responsible for applying the FSA Principles?Possible Answers

A. The Chief Executive Officer

B. The Compliance Officer

C. The Chief Executive Officer with support from the Compliance Officer

D. The Compliance Officer who has been allocated this responsibility by the Chief Executive Officer

E. The Board of Directors

F. The Firm?

MiFID for Senior Managers Who will be responsible for applying the Principles in the Firm? - Example

Dispute between marketing and compliance department on whether a product should be promoted to a particular type of customer. This is crucial to its economic viability.

Compliance are applying the firm’s “Treating Customer Fairly” Policy.

Marketing point out that they have already promoted this product successfully to this type of customer in the past.

The Compliance Officer is willing to compromise – through giving increased risk warnings. Should you rely on Compliance’s acceptance of the compromise, or should you review the application of the Treating Customers Fairly Policy to this promotion yourself?

MiFID for Senior Managers The big changes in the Senior Management arrangements, Systems and Controls. More detailed requirements on:

Corporate Governance (see later) Risk identification, assessments, recording and management. Policies proportionate to nature, scale and complexity of firm. Segregation of duties. Conflicts of Interest management beyond client disclosure Risk-based policies and procedures. Separate Risk, Internal Audit and Compliance Functions unless

disproportionate (but must still be effective). Training and Competence.

MiFID for Senior Managers The big changes in the Senior Management arrangements, Systems and Controls Rules – Some ExamplesThe firm and its senior management must put in place effective arrangements for:

Operational Risk Liquidity Risk The “Competent Employees” Rule Business Continuity Testing Stress Testing Monitoring Outsourcing arrangements Record keeping policies (normally 5 years under MiFID) Training and Competence

MiFID for Senior Managers What standard of Corporate Governance does the Senior Management arrangements, Systems and Controls Rules require? - Example

In particular, senior personnel ...

...must assess and periodically review the effectiveness of the policies, arrangements and procedures put in place under MiFID, and take appropriate measures to address any deficiencies.

““””

(SYSC 4.3.1)

MiFID for Senior Managers What standard of Corporate Governance does the Senior Management arrangements, Systems and Controls Rules require?

The Senior Management (including the Board) to assess and periodically review effectiveness of policies and procedures under MiFID.

The Senior Management (including the Board) to establish “robust” internal controls.

Allocation of responsibilities to individuals including detailed and current job descriptions.

Regular Management Information to Senior Management (including the Board) on internal controls, risk management policies and finance.

Risk based Supervision

Based on FSA’s

Statutory Objectives

Treating Customers Fairly,

Orderly Markets, Financial Crime

and Financial Capability

The FSA applies it

internally to its own risks

The FSA applies it to firms through

the ARROW II risk-based supervision

process

Firms apply it to their own risks

through NEW SYSC and the ICAAP

processes

MiFID for Senior Managers What does the Risk-based Approach with firms mean? - Example

Depending on the nature, scale and complexity of its business, it may be appropriate for a firm to have a separate risk assessment function responsible for assessing the risks that the firm faces and advising the governing body (the Board) and senior managers on them.

““”” (SYSC 3.2.10)

MiFID for Senior Managers Will Senior Management need to spend more time on Compliance issues?

Probably yes because:

Shift of responsibility for achieving compliance with the Principles from FSA to Senior Management.

Risk, Internal Audit and Compliance role is to advise-but not decide.

Senior Managers are individually registered with FSA.

MiFID for Senior Managers Will Senior Managers need to spend more time on Compliance issues? - Quotation

Responsibility for key regulatory decisions will move to senior levels, challenging firms’ compliance, risk management and internal audit functions as they provide the necessary support to senior management and Boards.

““””FSA’s “Principles-based regulation” April 2007

MiFID for Senior Managers Will Senior Managers need to spend more time on Compliance issues? - Quotation

Working successfully in this landscape means Boards, Chief Executives and their senior management teams will need to engage in substance with the regulatory outcomes we want to achieve. They need to work with us in a constructive way and exercise good judgment about how best their firm can deliver such outcomes.

““

””FSA’s “Principles-based regulation” April 2007